The final day of Infosec has now finished and what a fantastic event it has been. We had a total of NINE excellent sessions and many, many great conversations with attendees wanting to know more about IBM's wide range of security solutions. We also made two new security product announcements at the show – for more details go to the press room on the IBM website here - http://ibm.co/Ii9Nfm

We had one session in the technical theatre today, given by Robert Freeman on the IBM X-Force cyber security threat landscape. The session was very well attended, with over ninety people in the room as well as it being live streamed into the conference hall. Robert began the talk by explaining the IBM X-Force team's mission, giving some great stats around the analysis they do. For more information on this and to download the report etc., please see below.

Robert then explained how IBM viewed 2011 as the year of the security breach. He gave examples of notable security breaches during the last twelve months, including some of the high profile ones we have all seen in the national press. These included SQL injection attacks against web servers, URL tampering, shell command injection attacks, SSH brute force activity, and phishing based malware distribution and click fraud - which is back up to where it was in early 2008.

As had been mentioned in other IBM sessions, Robert spoke about the decline seen in web app vulnerabilities - a decline of 8% from 2011 and the lowest it's been since 2005. He also talked about how there are now much better patching policies due to pressure from the public at large, and he predicted there will be continued investment in this.

Robert closed the session by talking about the security challenges emerging in the areas of cloud and mobile. Smartphones and tablets are increasingly being brought into the workplace and attackers are finally warming to the opportunities these devices represent. Unfortunately, 3rd party apps can lack secure permission coding etc., leaving them vulnerable to attacks. He finished by talking about some of the high profile cloud breaches which are affecting known organisations and large numbers of customers. Good cloud security requires cloud appropriate workloads, a flexible provider and effective due defence on the part of the customer.

If anyone is interested in learning more about IBM's many security solutions, then please register for our Pulse Comes to You event in London on the 30th May here - http://ibm.co/JgmnZD

If you can't attend the event then follow me on @Rswindell or @IBMPulse, as I will be posting updates throughout the day. I will also be blogging here both pre and post the event.

Please follow @IBMSecurity for more information specifically on our security events, news, collateral and more.

If you attended the event, I hope you enjoyed it as much as I did.
See you next year!!

IBM had another four great speaking sessions today, and a
colleague of mine, Lauren Mort (@Laurenmort2), joined me to help with our
social media activities throughout the day. Below are the key points that
Lauren and I thought were raised during the sessions.

Despite our first session being a repeat of the one given
by Simon Smith yesterday, we still learnt some more interesting facts whilst he
took the audience through the journey from basic, to proficient, to a final
state of optimised security (which you can see in more detail in our blog from
yesterday - http://ibm.co/IoV9ju). Simon talked about how the optimisation
needs to be specific to the individual company, be it a large multinational
bank or a 100 person company in the UK. A good security model can mean high
levels of staff retention, because employees are able to be innovative on other
projects, rather than having to deal with the daily struggle of keeping the
network secure.

Simon spoke
about how you need to start understanding what in your network is a normal
state and what isn't a normal state in order to achieve the desired “optimised”
state. The security needs to fit your business processes to ensure the maximum
amount of availability on your systems. Simon finished
by talking about how security needs to be built into the design, in an ideal
world from the word go – which often is untenable, but it certainly should not
just be a “bolt on”. Security is all about risk, and it’s the effective
managing of this risk that can lead you to the desired “optimised” state.

The second session of the day was given by John Smith on application security hacking 101 – to a packed room of over 70 people! He opened the
session by talking about the work of our X-Force team, who monitor 14b security events every day and produce an
annual trends and risks report on what security breaches etc. we have seen over
the last 12 months. John talked to the
audience about SQL injection attacks against web servers, and how they are on
the rise - saying there must be a return for the attacker even if it is not
apparent at first. John told the
audience that in 2011, 41% of security vulnerabilities affected web apps – which is
good news as that was down 8% from the previous years, and the lowest it’s been
since 2005. This stat shows that organisations are taking the important steps
needed to address this problem – by using products like IBM's AppScan!

John then
continued the session by looking into XSS vulnerabilities, which still appear
in 40% of app scans that IBM perform for companies – which he said was scary as
they can so easily be addressed. John explained how injection flaws have “become
the poster child of application security”. John then gave the audience an example of an
XSS attack, and how easily a lot of damage can be done, despite warning
end users of such possibilities.

John closed
the discussion by looking at black box (dynamic) analysis & white box
(static) analysis, and gave examples of how these both work. He then offered all the audience a free
demonstration of IBM AppScan on their own networks – which many of the audience
took him up on!

Rob Ford and
Jef Gielkens were next up for IBM, who gave a presentation on Integrated, Intelligent
Security analytics for Enterprises. They talked about how, as the world is becoming
more and more digitalised and interconnected, we are opening the door to
emerging threats and more data leaks. They looked at four key components that
we are currently seeing, all of which are affecting IT Security in some way – Data
Explosion, Consumerisation of IT, Everything Everywhere and Attack Sophistication.
Jef then looked at the different attacker types and techniques that we are now
seeing, and how this is making security a board room discussion, be it
affecting brand image, business results, supply chain, legal exposures, impact
of hacktivism and audit risk.

Jef talked
about how it is no longer enough just to protect the perimeter: silo point
products are not enough to secure your enterprise, and IBM is integrating across
IT silos with security intelligence solutions. He spoke about the
X-Force protection systems – a purpose-built, multi-tenanted
infrastructure designed to collect, aggregate, store, summarise and analyse
data to derive the events of most interest.

Rob then took
over and showed the audience the MSS architecture overview and how it
can be used to optimise security intelligence. He looked into suspicious hosts
and IP intelligence. He then took the audience through three use case scenarios
– visibility despite encryption or obfuscation, identification of reconnaissance
and infected websites. Jef wrapped up the session by stating that intelligent
security solutions provide the DNA to secure a Smarter Planet.

Rob Whitters, who has just joined IBM through the
acquisition of Q1 Labs, gave the final session of the day for IBM (entitled
Next Generation SIEM in Action). Rob opened by giving a brief history of Q1 Labs and his
involvement with the company. He explained that Q1 Labs
solve customer problems with total security intelligence. He explained how they
are able to help customers look at the threats on their networks, predict risks
against the business, consolidate data silos and detect insider fraud. Rob
spoke about how the product can be used to link context to what threats we are seeing
on the network, where it’s from, which asset it is affecting, changes in
network protocol etc and from this derive vulnerability data.

Rob then took
the audience through a demonstration of the QRadar product, looking at the
customisable dashboards, the role based permissions/access and various
workflows. He explained how QRadar allows you to get to the facts quickly and
the data allows you to be proactive, to do something intelligent with it. He closed by talking about some of the 1500
report templates built into the product, which can be used to
demonstrate immediate value.
If you would like to see live comments during the day from the show, please follow
me @RSwindell and @IBMSecurity.